By Adam Atlas
Attorney at Law
Did you hear the story about an ISO bankrupted by orthopedic beds? Please read-on to get the gory details. As a commercial contract and compliance attorney advising ISOs and other crypto and payments companies, I sometimes tell clients that I am a "good times" lawyer. This is in contrast to trial or litigation lawyers who have to deal with disputes between parties when our carefully drafted contracts are fought over.
In 15 years of advising ISOs and their merchants, I have, however, seen some low moments, and I think some of these horror stories can serve to educate ISOs on how to make their businesses stronger from a legal perspective. Names and some details have been removed or fictionalized to protect the identities of the persons concerned.
A client of ours that is a POS equipment leasing company found out that an agent was signing leases for people who were no longer alive. Given that lease commissions are paid on signing, or a month afterwards, and not over many years like payment processing residuals, the temptation for this agent to forge signatures of the deceased was simply too great.
I do not recall whether the leasing company recovered the lease commissions paid to the unscrupulous agent, but the leases didn't run for their full terms, as you can imagine. The legal lesson here, of course, is to check that your merchants are alive before sending them equipment.
Future delivery is the bogeyman of any liability ISO. Future delivery is when a merchant takes a payment today for goods or services to be delivered on a future date. Travel, furniture and home improvement are all examples of future-delivery offerings. In this case, a merchant was in the business of selling rather expensive orthopedic beds – the kind where you can raise or lower the back or the feet.
Anyway, the account was preforming swimmingly, and generating good fee revenue for the ISO for a while. Then, the merchant put through a large number of transactions. After the liability ISO settled the funds to the merchant, the merchant disappeared and never delivered the beds.
The unhappy customers rightfully charged back all their transactions. The chargeback liability for which the ISO was 100 percent liable far exceeded the assets of the ISO and what its residuals could ever pay. The ISO was put out of business as a result. The legal lesson here is to not assume risk that exceeds your ability to manage.
Here, a merchant calls an ISO to let it know that for two years all its settlements were going to an account the merchant did not own. Let me repeat: the merchant was processing (at one location) for two years and (alleges) the business did not receive any of the money for the merchant account.
At the start of this mysterious two year period, a notice was sent to the ISO or its processor, directing them to settle merchant funds to a new account. At the end of the two-year period, the issue became who actually sent the notice to change the deposit account and whether the person sending the notice was authorized to do so by the "real" merchant.
The legal lesson here is to pay particular attention to bank account information, and perhaps make an additional effort to verify bank account information by telephone rather than simply relying on a form submitted by a merchant. Note that if the merchant is dishonest, it may be possible to defraud an ISO by sending a notice to change the deposit account on a merchant account and then renouncing that notice later on.
When merchants are defrauded (by people who order goods then deny having ordered them), it's called friendly fraud. Be mindful that friendly fraud by a merchant is as a much of an possibility as friendly fraud perpetrated by consumers.
Phishing, of course, is a particular form of deceit whereby the fraudster impersonates a real person or company to obtain sensitive information and exploit that information for nefarious purposes. In our case study under this heading, an overseas supplier of a merchant was hacked by phishers who, impersonating the supplier, directed a U.S. customer to pay funds to the fraudster's account, and not the real account of the real supplier.
The U.S. payer lost a lot of money in a single payment. There are so many forms of phishing attacks and possible bad outcomes that result from them that I cannot even start to list them. The lesson here is that all account information in commercial transactions should be viewed with a healthy dose of skepticism. For account setup or large wire transfers, a telephone confirmation of the wire information could save the parties a lot of money.
This one is a bit complicated, but please bear with me. A large ISO with financing from large lenders is busy building a business, trying to pay down loans and earn money through processing residuals. The lenders to the ISO put
the ISO under very close scrutiny to make sure money is not leaking out of the ISO or being used for purposes other than growth of the business.
The (now dishonest) ISO signs a relative as an agent and gives that agent a disproportionately large portion of residuals on all the relative's accounts. Then, the (dishonest) ISO allows the relative/agent to re-solicit the ISO's large accounts, thereby flipping revenue from the ISO (and its lenders) to the relative of the ISO, who then gives the money to the ISO operator outside of the normal channels.
In short, the ISO owner has defrauded the lenders and lined his or her pockets. This matter involved so much money that there were serious allegations of criminal wrongdoing. The lesson here should be obvious.
As my mother-in-law says, honesty is the best policy. As tough as the ISO market is, I advise ISOs to stay honest.
In publishing The Green Sheet, neither the author nor the publisher is engaged in rendering legal, accounting or other professional services. If legal advice or other expert assistance is required, the services of a competent professional should be sought. For further information on this article, please contact Adam Atlas, Attorney at Law, by email firstname.lastname@example.org or phone at 514-842-0886.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.Prev Next